IT Security Tests
Research is becoming more common place in automated environments or relies heavily on data from automated systems. More and more information is only available in digital form. It is therefore crucial that the data is properly secured against different forms of danger. This includes not only attacks from outside by an unknown but also includes internal threats. What information do the employees have access to? Can they give themselves additional access rights? In case of a server crash, can the data still be recovered by, for example, a backup?
The IT security test consists of the following components:
- Identification and exploration
The network traffic is analyzed for things like IP ranges that are in use and several critical servers and network components are identified
- Port and vulnerability scan
During the port and network vulnerability scan the network is scanned for any known vulnerabilities in the network.
- Privilege escalation
The focus is on changing the increase of rights of certain systems. This can be done in various ways, for example by getting hold of credentials.
- Possibly: Determine business risks:
To keep it as concrete as possible, specific goals can be set such as: can certain data be obtained, can e-mail be reached or can processes be changed or adapted. This research is, depending on the question, carried out in collaboration with Forensic Services Caribbean’s partner called Fox-IT.
If you have any questions or advice please feel free to contact us.